tor privoxy squid
I have installed squid on the gateway machine together with privoxy-tor .Squid is configured to have privoxy-tor as parent proxy. Iptables is set to redirect port 80 traffic to squid's port 3128 .I have tor-privoxy on each lan machine and browsers' torbutton , too.when i start a browser connections from a lan machine browsers are configured with the local privoxy-tor and with tcpdump on the gateway machine , http traffic doesn't seem to go to port 80 where iptables is supposed to redirect packets to squid 3128. If i click on a port 80 url , because tor , traffic goes to tor network , let's say 9001 but it differs from time to time.How can i catch with iptables tor traffic coming from my lan?By port we sayd too generic, i tryied by --uid-owner debian-tor but it doesn' seem to work,neither! Thank you !!! My lan machines are debian sarge stable kernel 2.6 , my gateway machine is a debian etch 2.6,too.
Re: ff 1.5.0.7 2.0 (remote) dns leaks when using tor
lester psigal [EMAIL PROTECTED] wrote: Thus spake lester psigal ([EMAIL PROTECTED]): i've got a setup for anonymous browsing using firefoxf 1.5.0.7 and lately ff 2 with privoxy and tor (vidalia bundle 0.0.7) on windows xp sp2. the ff configuration option 'network.proxy.socks_remote_dns ' is set to true, the setting 'network.proxy.failover_timeout' is set to 5 and the 'network.proxy.socks_version' is set to 5 but the ethereal logs show that firefox is still leaking dns requests, i.e. ff still does the lookups itself and does not delegate them to the proxy (which is not quite true: the dns requests are always delegated to the proxy and _sometimes_ to the local dns client too). to make it worse the leaks are occuring randomly (sometimes the remote dns works and sometimes not), so i'm guessing that it is a timeout issue. does ff fallback to local dns lookup when a remote lookup request is not answered in a timely manner or is it a failure with the os dns client or even a ff bug? what else could be done to prevent ff from dns leaking? any hints or suggestions would be very nice as it does not make any sense to me to operate a quite complex and complicated system for anonymous browsing when tracking of dns requests is all a profiling facility has to do... what i've forgot to mention that my installation of firefox uses torbutton 1.0.4 which is a firefox add-on preconfiguring the proxy settings for the vidalia bundle, that is http/s: localhost:8118 and socksv5 localhost:9050. Can you reproduce the problem without any Firefox plugins that influence the proxy settings? A few weeks ago I shortly tested FoxyProxy and had similar experiences. I used the always use proxy xyz feature to quickly switch between different Privoxy versions, Firefox own settings were configured to use Privoxy as well. Directly after starting up, Firefox always ignored the proxy settings and fetched some of the live bookmarks directly. The same happened if there were still tabs open from a previous session. I also had the feeling that it would randomly ignore the settings later on, but I didn't use the plugin long enough to verify this. I never used torbutton, but maybe it has similar problems. Fabian -- http://www.fabiankeil.de/ signature.asc Description: PGP signature
Re: tor privoxy squid
-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 Just a note, Squid is very bad for privacy with tor. Please see the related documentation on the wiki! Thanks, Andrew - --- Frivolous lawsuits. Unlawful government seizures. What's YOUR defense? Protect your assets, keep what you earn, and generate more income at the same time! Visit http://www.mpassetprotection.com/ On 11/18/2006 08:04 AM, gabrix wrote: I have installed squid on the gateway machine together with privoxy-tor .Squid is configured to have privoxy-tor as parent proxy. Iptables is set to redirect port 80 traffic to squid's port 3128 .I have tor-privoxy on each lan machine and browsers' torbutton , too.when i start a browser connections from a lan machine browsers are configured with the local privoxy-tor and with tcpdump on the gateway machine , http traffic doesn't seem to go to port 80 where iptables is supposed to redirect packets to squid 3128. If i click on a port 80 url , because tor , traffic goes to tor network , let's say 9001 but it differs from time to time.How can i catch with iptables tor traffic coming from my lan?By port we sayd too generic, i tryied by --uid-owner debian-tor but it doesn' seem to work,neither! Thank you !!! My lan machines are debian sarge stable kernel 2.6 , my gateway machine is a debian etch 2.6,too. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFX262gwZR2XMkZmQRAyeWAKCcadhM6jRNXBSRI6Bl49I9JGWo2QCdGxuA 3A4TBQ9e661FuX/XgY1QmVs= =WSet -END PGP SIGNATURE-
Re: A different solution for anonymous browsing !
The programs above come with docs and just google for how to chain proxies or something of the like, there are hundreds of tutorials out there. For chaining tor-proxychain-tor or something like that, open tor using freecap/sockscap and have it proxy through another proxychaining program. If you have multiple tor programs runnning, you will have to edit their listen port. On 11/17/06, gabrix [EMAIL PROTECTED] wrote: Ringo Kamens wrote: I have used lots of different programs to chain tor connections and proxies. Socks chain has recieved kudos from the proxy industry but I don't use it because it isn't open source. Proxyrama is a nice HTTP proxy chainer and you can use sockscap to chain it though tor. Charon is a nice proxy finder/checker along with accessdiver. On 11/16/06, *gabrix* [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: I invite everyone , who is trying , tryed or is actually applying a chain of proxies for browsing,like manies one after the other , or unusual proxies configurations for anonymous browsing different from the usual tor/privoxy duo,socat,anonweb,polipo,squid,wwwoffle, to let me know thanks ! What i really would like is documentation and usage examples , could you provide some ???
Re: A different solution for anonymous browsing !
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 gabrix @ 2006/11/16 04:28: I invite everyone , who is trying , tryed or is actually applying a chain of proxies for browsing,like manies one after the other , or unusual proxies configurations for anonymous browsing different from the usual tor/privoxy duo,socat,anonweb,polipo,squid,wwwoffle, to let me know thanks ! i'm not sure why you are wanting to do this. but, if you are trying to be more anonymous, then this is not the right approach. here's why: as i have been told (and please correct me if i'm mistaken!), basically, every OS-browser-proxy(-et.al.) combination is going to leave behind a unique footprint that can be tracked by a skilled adversary. the more complicated you make your chain of proxies, the more unique footprint it will leave. in this respect it is best to stick with a configuration more people use, hence anonymity. good luck. on the other paw, if you are doing such a thing so you can research these unique footprints and compile a database of sorts, please share your results! the more we know, the better each application can be tuned so as to minimize and converge such unique footprints. -BEGIN PGP SIGNATURE- iD8DBQFFX+cPXhfCJNu98qARCIJJAJ9uRkIwWjdzCXd4e0m0rTl9Y4epbgCgwt+a l/eX/LuFVwjEY+FZi+uGVic= =mTGS -END PGP SIGNATURE-
